11252134

System and Method for Managing Secure Communications Between Modules in a Controller Area Network

Published: February 15, 2022
Assignee: not available in USPTO data we have
Patent Claims
26 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A system for managing secure communications between modules in a Controller Area Network (CAN) comprising: a key management module configured to: organize CAN identities of the CAN into sub-sets based on functionalities of the CAN identities, wherein each sub-set is arranged as a tree structure having a root node which represents a function of the sub-set, arrange the sub-sets of CAN identities into a tree structure having a root node N_R, wherein the root nodes of the sub-sets are arranged as descendant nodes of root node N_R, and set a key for the root node N_R and compute keys for each node in each level in the tree structure, starting from child nodes of the root node N_R, wherein a key of a child node in the tree structure is computed using a key of a parent node and an identifier identifying the child node; and a broadcast module communicatively connected to the key management module, configured to: generate a frame to be transmitted on the CAN, wherein the frame is associated with a CAN identity id_c1 selected from the CAN identities, compute a CAN identity key k_c1 using an ascendant key k_1 associated with an ascendant node of the CAN identity id_c1 node and a root-node path identifier associated with the CAN identity id_c1 node, wherein the ascendant key k_1 is retrieved from the key management module and the root-node path identifier comprises a value assigned to the CAN identity id_c1 node, obtain a scheme parameter p and compute a verification parameter v_d based on the scheme parameter p, the CAN identity key k_c1, the CAN identity id_c1, and the frame to be transmitted, wherein the scheme parameter p comprises a variable unique to the scheme, and broadcast information comprising the frame associated with the CAN identity id_c1 and the verification parameter v_d on the CAN such that a receiver module on the CAN having a filter that comprises the CAN identity id_c1 receives the broadcasted information and validates the received frame using the received verification parameter v_d.

2. The system according to claim 1, wherein the computing the keys for each node in each level in the tree structure comprises the key management module being configured to: for each child node in the tree structure, compute a key k_c for the child node in the tree structure using a key generating function (KGF( )), a key k_p of a parent node of the child node and an identifier identifying the child node id_c, the key k_c being defined as k_c = KGF(k_p, id_c).

3. The system according to claim 1, wherein the computing the CAN identity key k_c1 using the ascendant key k_1 associated with the ascendant node of the CAN identity id_c1 node and the root-node path identifier associated with the CAN identity id_c1 node comprises the broadcast module being configured to: compute the CAN identity key k_c1 using a key generating function (KGF( )), the CAN identity id_c1 and the ascendant key k_1, the CAN identity key k_c1 being defined as k_c1 = KGF(k_1, id_c1) when the ascendant key k_1 is associated with a parent node of the CAN identity id_c1 node and when the root-node path identifier associated with the CAN identity id_c1 node comprises the CAN identity id_c1.

4. The system according to claim 1, wherein before the key management module sets the key for the root node N_R, the key management module is configured to: selectively insert at least one intermediate node between the root node N_R and a root node of one of the sub-sets such that the intermediate node represents an ascendant node of the root node of one of the sub-sets.

5. The system according to claim 1, wherein the scheme parameter p comprises a local time T, the broadcast information further comprises the scheme parameter p, and wherein the broadcast module is configured to: compute the verification parameter v_d using the local time T, wherein the verification parameter v_d is defined as v_d = MAC(k_c1, T∥id_c1∥‘frame’) where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN.

6. The system according to claim 5, wherein the validation of the received frame by the receiver module comprises the receiver module being configured to: obtain the CAN identity key k_c1 and a receiver local time T_R; perform a first validation check on the validity of the received frame based on the received local time T and the obtained receiver local time T_R; perform a second validation check on the validity of the received frame by comparing the received verification parameter v_d with a receiver verification parameter v_Rd, when the first validation check validates the received frame, wherein the receiver verification parameter v_Rd is defined as v_Rd = MAC(k_c1, T∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN; and processing the received frame when the second validation check validates the received frame.

7. The system according to claim 6, further comprising: a gateway module configured to: obtain a gateway local time T_G; generate a general frame using the gateway local time T_G that is transmitted and received by all the modules on the CAN such that when each module receives the general frame, wherein each module is configured to: validate the received general frame; and synchronize local time of the module using the gateway local time T_G when the received general frame is validated.

8. The system according to claim 6, wherein the obtaining the CAN identity key k_c1 comprises the receiver module being configured to: retrieve the CAN identity key k_c1 that is preloaded into the receiver module by the key management module.

9. The system according to claim 6, wherein the obtaining the CAN identity key k_c1 comprises the receiver module being configured to: compute the CAN identity key k_c1 using the CAN identity id_c1 and a key of an ascendant node, wherein the key of the ascendant node is preloaded into the receiver module by the key management module.

10. The system according to claim 1, wherein the scheme parameter p comprises a counter CT_c1 associated with the CAN identity id_c1 and wherein the broadcast module is configured to: increment the counter CT_c1 by one, compute the verification parameter v_d using the counter CT_c1, wherein the verification parameter v_d is defined as v_d = MAC(k_c1, CT_c1∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN.

11. The system according to claim 10, wherein the validation of the received frame by the receiver module comprises the receiver module being configured to: obtain the CAN identity key k_c1 and a receiver counter CT′_c1 associated with the CAN identity id_c1; perform a validation check on the validity of the received frame by comparing the received verification parameter v_d with a receiver verification parameter v_Rd, wherein the receiver verification parameter v_Rd is defined as v_Rd = MAC(k_c1, (CT′_c1+1)∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN; and increment the counter CT′_c1 by one and process the received frame when the validation check validates the received frame, wherein a gateway module is configured to synchronize the counter CT_c1 at the broadcast module and the counter CT′_c1 at the receiver module.

12. The system according to claim 11, wherein the gateway module is configured to synchronize the counter at the broadcast module and the receiver counter at the receiver module by: obtaining the counter CT_c1 associated with the CAN identity id_c1; generating a counter frame using the counter CT_c1 and the CAN identity id_c1; and broadcasting the counter frame on the CAN such that when each module on the CAN having a counter receives the counter frame, wherein each module is configured to: synchronize the counter in the module using the received counter frame.

13. The system according to claim 1, wherein the scheme parameter p comprises a nonce N, and wherein the broadcast module is configured to: compute the verification parameter v_d using the nonce N, wherein the verification parameter v_d is defined as v_d = MAC(k_c1, N∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN.

14. The system according to claim 13, wherein the receiver module is configured to: obtain the CAN identity key k_c1 and a receiver nonce N′; perform a validation check on the validity of the received frame by comparing the received verification parameter v_d with a receiver verification parameter v_Rd, wherein the receiver verification parameter v_Rd is defined as v_Rd = MAC(k_c1, N′∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN; and processing the received frame when the validation check validates the received frame, wherein a gateway module is configured to synchronize the nonce N at the broadcast module and the nonce N′ at the receiver module.

15. The system according to claim 14, wherein the gateway module is configured to periodically broadcast nonces at the broadcast module and the receiver module by: generating the nonce N; generating a nonce frame using the nonce N; and broadcasting the nonce frame on the CAN such that when each module on the CAN receives the nonce frame, each module is configured to: receive and store the nonce in the module using the received nonce frame.

16. The system according to claim 1, wherein the scheme parameter p comprises a local time T and a counter CT_c1 associated with the CAN identity id_c1, and the broadcast information further comprises the scheme parameter p, wherein the broadcast module is configured to: increment the counter CT_c1 by one and compute the verification parameter v_d using the local time T and the counter CT_c1, wherein the verification parameter v_d is defined as v_d = MAC(k_c1, T∥CT_c1∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN.

17. The system according to claim 16, wherein the receiver module is configured to: obtain the CAN identity key k_c1, a receiver local time T_R, and a receiver counter CT′_c1 associated with the CAN identity id_c1; perform a first validation check on the validity of the received frame based on the received local time T and the obtained receiver local time T_R; perform a second validation check on the validity of the received frame by comparing the received verification parameter v_d with a receiver verification parameter v_Rd, when the first validation check validates the received frame, wherein the receiver verification parameter v_Rd is defined as v_Rd = MAC(k_c1, T∥(CT′_c1+1)∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN; and increment the counter CT′_c1 by one and process the received frame when the second validation check validates the received frame, wherein a gateway module is configured to synchronize the counter CT_c1 at the broadcast module and the counter CT′_c1 at the receiver module.

18. The system according to claim 17, wherein the gateway module is further configured to: obtain a gateway local time T_G; generate a general frame using the gateway local time T_G that is transmitted and received by all the modules on the CAN such that when each module receives the general frame, wherein each module is configured to: validate the received general frame; synchronize local time of the module using the gateway local time T_G when the received general frame is validated; and reset the counter in the module.

19. The system according to claim 17, wherein the gateway module is configured to synchronize the counter at the broadcast module and the receiver module by: obtaining the counter CT_c1 associated with the CAN identity id_c1; generating a counter frame using the counter CT_c1 and the CAN identity id_c1; and broadcasting the counter frame on the CAN such that when each module on the CAN having the counter receives the counter frame, wherein each module is configured to: synchronize the counter in the module using the received counter frame.

20. The system according to claim 1, wherein the scheme parameter p comprises a nonce N and a counter CT_c1 associated with the CAN identity id_c1, and wherein the broadcast module is configured to: increment the counter CT_c1 by one and compute the verification parameter v_d using the nonce N and the counter CT_c1, wherein the verification parameter v_d is defined as v_d = MAC(k_c1, N∥CT_c1∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN.

21. The system according to claim 20, wherein the receiver module is configured to: obtain the CAN identity key k_c1, a receiver nonce N′, and a receiver counter CT′_c1 associated with the CAN identity id_c1; perform a validation check on the validity of the received frame by comparing the received verification parameter v_d with a receiver verification parameter v_Rd, wherein the receiver verification parameter v_Rd is defined as v_Rd = MAC(k_c1, N′∥(CT′_c1+1)∥id_c1∥‘frame’), where MAC( ) is a message authentication code function, and ‘frame’ is the frame to be transmitted on the CAN; and increment the counter CT′_c1 by one and process the received frame when the validation check validates the received frame, wherein a gateway module is configured to broadcast the nonce N at the broadcast module, the nonce N′ at the receiver module, and synchronize the counter CT_c1 at the broadcast module and the counter CT′_c1 at the receiver module.

22. The system according to claim 21, wherein the gateway module is configured to synchronize the counter at the broadcast module and the receiver module by: obtaining the counter CT_c1 associated with the CAN identity id_c1; generating a counter frame using the counter CT_c1 and the CAN identity id_c1; and broadcasting the counter frame on the CAN such that when each module on the CAN receives the counter frame, each module is configured to: synchronize the counter in the module using the received counter frame.

23. The system according to claim 21, wherein the gateway module is configured to periodically broadcast the nonces at the broadcast module and the receiver module by: generating the nonce N; generating a nonce frame using the nonce N; and broadcasting the nonce frame on the CAN such that when each module on the CAN receives the nonce frame, each module is configured to: validate and store the nonce in the module using the received nonce frame.

24. A method for generating a hierarchical tree structure for Controller Area Network (CAN) identities in a CAN network, the method using a key management module provided in a vehicle, the method comprising: organizing CAN identities of the CAN into sub-sets based on functionalities of the CAN identities, wherein each sub-set is arranged as a tree structure having a root node that represents a function of the sub-set; arranging the sub-sets of CAN identities into a tree structure having a root node N_R, wherein the root nodes of the sub-sets are arranged as descendant nodes of root node N_R; and setting a key for the root node N_R and computing keys for each node in each level in the tree structure, starting from child nodes of the root node N_R, wherein a key of a child node in the tree structure is computed using a key of a parent node and an identifier identifying the child node.

25. The method according to claim 24, wherein the computing the keys for each node in each level in the tree structure comprises: for each child node in the tree structure, computing a key k_c for the child node in the tree structure using a key generating function (KGF( )), a key of a parent node of the child node k_p, and an identifier identifying the child node id_c, the key k_c being defined as k_c = KGF(k_p, id_c).

26. The method according to claim 24, wherein before the setting the key for the root node N_R, the method comprises the step of: selectively inserting at least one intermediate node between the root node N_R and a root node of one of the sub-sets such that the intermediate node represents an ascendant node of the root node of one of the sub-sets.
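
The key derivation of claims 2 and 25 and the counter scheme of claims 10 and 11, worked through as an added example that is not part of the patent text. The claims leave KGF( ) and MAC( ) abstract; HMAC-SHA256, the 8-byte tag truncation, the fixed-width field encoding, the `powertrain` sub-set label and the all-zero root key are assumptions made here for illustration.

```python
import hashlib
import hmac

TAG_LEN = 8  # assumption: tag truncated to fit one classic CAN data field

def kgf(parent_key: bytes, node_id: bytes) -> bytes:
    """Child key from parent key and child identifier (assumed: HMAC-SHA256)."""
    return hmac.new(parent_key, b"kgf|" + node_id, hashlib.sha256).digest()

def derive(ascendant_key: bytes, path: list) -> bytes:
    """Walk from any ascendant node down the path to a CAN identity node."""
    key = ascendant_key
    for node_id in path:
        key = kgf(key, node_id)
    return key

def tag(key: bytes, counter: int, can_id: int, frame: bytes) -> bytes:
    """MAC over counter || CAN identity || frame, with fixed-width fields."""
    msg = counter.to_bytes(4, "big") + can_id.to_bytes(2, "big") + frame
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

class Sender:
    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id, self.counter = key, can_id, 0

    def send(self, frame: bytes):
        self.counter += 1  # claim 10: increment first, then compute the MAC
        return self.can_id, frame, tag(self.key, self.counter, self.can_id, frame)

class Receiver:
    def __init__(self, key: bytes, can_id: int):
        self.key, self.can_id, self.counter = key, can_id, 0

    def accept(self, can_id: int, frame: bytes, v_d: bytes) -> bool:
        if can_id != self.can_id:  # acceptance filter on the CAN identity
            return False
        expected = tag(self.key, self.counter + 1, can_id, frame)
        if not hmac.compare_digest(expected, v_d):
            return False  # forged, replayed, or counters out of sync
        self.counter += 1  # claim 11: advance only after a valid frame
        return True

def demo():
    root = bytes(32)  # constructed root key, for illustration only
    subset = kgf(root, b"powertrain")  # hypothetical sub-set root node
    k_tx = derive(subset, [b"\x01\x23"])  # sender holds only the sub-set key
    k_rx = derive(root, [b"powertrain", b"\x01\x23"])  # same node from the root
    tx, rx = Sender(k_tx, 0x123), Receiver(k_rx, 0x123)
    first = tx.send(b"\x10\x27")
    return [rx.accept(*first),                        # fresh frame
            rx.accept(*first),                        # replay of the same frame
            rx.accept(0x123, b"\xff\xff", first[2]),  # altered payload, old tag
            rx.accept(*tx.send(b"\x11\x27"))]         # next legitimate frame
```

A frame the receiver never sees leaves its counter one step behind, so every later tag fails until the counters are realigned, which is the role of the gateway counter frame in claim 12.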

Patent Metadata

Filing Date: Unknown

Publication Date: February 15, 2022

Inventors: Yanjiang YANG, Zhuo WEI, Hsiao-Ying LIN, Qingdi SHA


Cite as: Patentable. “SYSTEM AND METHOD FOR MANAGING SECURE COMMUNICATIONS BETWEEN MODULES IN A CONTROLLER AREA NETWORK” (11252134). https://patentable.app/patents/11252134
